{%- set ipv6_enabled = salt['omv_utils.is_ipv6_enabled']() -%}
{%- set server_name = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_SERVERNAME', 'openmediavault-webgui') -%}
{%- set root = salt['pillar.get']('default:OMV_DOCUMENTROOT_DIR', '/var/www/openmediavault') -%}
{%- set client_max_body_size = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_CLIENT_MAX_BODY_SIZE', '25M') -%}
{%- set log_dir = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_LOG_DIR', '/var/log/nginx') -%}
{%- set error_log_level = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_LOGLEVEL', 'error') -%}
{%- set expires = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_CONTENT_EXPIRES', '2d') -%}
{%- set fastcgi_read_timeout = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_FASTCGI_READ_TIMEOUT', '60s') -%}
{%- set fastcgi_param_script_filename = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_FASTCGI_PARAM_SCRIPT_FILENAME', '$document_root$fastcgi_script_name') -%}
{%- set ssl_cert_dir = salt['pillar.get']('default:OMV_SSL_CERTIFICATE_DIR', '/etc/ssl') -%}
{%- set ssl_cert_prefix = salt['pillar.get']('default:OMV_SSL_CERTIFICATE_PREFIX', 'openmediavault') -%}
{%- set include_dir = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_INCLUDE_DIR', '/etc/nginx/openmediavault-webgui.d') -%}
{%- set listen_ipv4_addr = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_LISTEN_IPV4_ADDRESS', '*') -%}
{%- set listen_ipv6_addr = salt['pillar.get']('default:OMV_NGINX_SITE_WEBGUI_LISTEN_IPV6_ADDRESS', '::') -%}
{{ pillar['headers']['multiline'] }}
server {
    server_name {{ server_name }};
    root {{ root }};
    index index.html;
    autoindex off;
    server_tokens off;
    sendfile on;
    large_client_header_buffers 4 32k;
    client_max_body_size {{ client_max_body_size }};
    error_log {{ log_dir | path_join(server_name ~ '_error.log') }} {{ error_log_level }};
    access_log {{ log_dir | path_join(server_name ~ '_access.log') }} combined;
    error_page 404 = $scheme://$host:$server_port/#/404;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~* \.json$ {
        expires -1;
    }
    location ~* \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.4-fpm-openmediavault-webgui.sock;
        fastcgi_index index.php;
        fastcgi_read_timeout {{ fastcgi_read_timeout }};
        include fastcgi.conf;
        fastcgi_param SCRIPT_FILENAME {{ fastcgi_param_script_filename }};
{%- if config.enablessl | to_bool and config.forcesslonly | to_bool %}
        fastcgi_param PHP_ADMIN_VALUE session.cookie_secure=On;
{%- endif %}
    }
{%- if ipv6_enabled | to_bool %}
    listen {{ listen_ipv4_addr }}:{{ config.port }} default_server;
    listen [{{ listen_ipv6_addr }}]:{{ config.port }} default_server;
{%- else %}
    listen {{ config.port }} default_server;
{%- endif %}
{%- if config.enablessl | to_bool and config.forcesslonly | to_bool %}
      if ($scheme = http) {
          # Force redirection to HTTPS.
          return 301 https://$host:{{ config.sslport }}$request_uri;
      }
{%- endif %}
{%- if config.enablessl | to_bool %}
{%- if ipv6_enabled | to_bool %}
    listen {{ listen_ipv4_addr }}:{{ config.sslport }} default_server ssl deferred;
    listen [{{ listen_ipv6_addr }}]:{{ config.sslport }} default_server ssl deferred;
{%- else %}
    listen {{ config.sslport }} default_server ssl deferred;
{%- endif %}
    ssl_certificate {{ ssl_cert_dir | path_join('certs', ssl_cert_prefix ~ config.sslcertificateref ~ '.crt') }};
    ssl_certificate_key {{ ssl_cert_dir | path_join('private', ssl_cert_prefix ~ config.sslcertificateref ~ '.key') }};
{%- endif %}
    include {{ include_dir }}/*.conf;
}
